- user creation: `aws_iam_user` and `aws_iam_access_key`
  - compared with manual creation from the console, a Terraform-created user:
    - can be destroyed (revoked) by Terraform
    - can be used as variables in other resources
    - will store all keys and secrets in the tfstate file, not secure?
- ways to apply a policy to a resource and user:
  - create `aws_iam_policy_document`, assign to the policy arg of `aws_iam_user_policy`
    - using the `user` arg to attach the policy
    - or using `principal` in the policy's statement to attach to different IAM users
  - create `aws_iam_policy_document`, attached to `aws_iam_user_policy_attachment`
    - can attach to user, role or group
    - attach to multiple in one resource
  - create `aws_iam_policy_document`, assign to the policy arg of the respective resource_policy, e.g. `aws_s3_bucket_policy`
    - have to use 'principal' in the statement to assign permission to a user
  - using a JSON policy assigned to the policy arg of `aws_iam_user_policy` or resource_policy
- ways to create iam_policy_document
  - Terraform configuration block `aws_iam_policy_document`
  - inline JSON
  - using a file
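
An added example, not part of the original notes, that puts the two concerns above together: an access key whose secret is kept out of plaintext state through `pgp_key`, and the same user granted access once by an identity policy and once by a resource policy. All names (`ci-deployer`, `example-notes-bucket`, `keybase:example_user`) are constructed placeholders.

```hcl
# Added example; every name and the keybase user below are constructed.
resource "aws_iam_user" "deployer" {
  name = "ci-deployer"
}

# With pgp_key set, state holds encrypted_secret instead of the plaintext secret.
resource "aws_iam_access_key" "deployer" {
  user    = aws_iam_user.deployer.name
  pgp_key = "keybase:example_user" # placeholder: keybase user or base64 PGP public key
}

resource "aws_s3_bucket" "notes" {
  bucket = "example-notes-bucket"
}

# Identity policy, bound to the user through the `user` argument.
data "aws_iam_policy_document" "read_objects" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.notes.arn}/*"]
  }
}

resource "aws_iam_user_policy" "deployer_read" {
  name   = "read-notes-objects"
  user   = aws_iam_user.deployer.name
  policy = data.aws_iam_policy_document.read_objects.json
}

# Resource policy: the statement itself names the user as principal.
data "aws_iam_policy_document" "bucket_list" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.notes.arn]
    principals {
      type        = "AWS"
      identifiers = [aws_iam_user.deployer.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "notes" {
  bucket = aws_s3_bucket.notes.id
  policy = data.aws_iam_policy_document.bucket_list.json
}

output "deployer_secret_encrypted" {
  value = aws_iam_access_key.deployer.encrypted_secret
}
```

The access key ID is still written to state, so the state backend should be encrypted and access-controlled even with `pgp_key` set.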
Last active September 12, 2016 01:36
terraform user and policy notes